The number of ransomware (opens in new tab) attacks against schools and colleges in the US may be starting to fall, but remain a serious threat, impacting hundreds of thousands of students, and costing the institutions billions in expenses.
Analyzing publicly available data on ransomware attacks against education institutions since 2018, Comparitech has found that in 2021, there had been 67 individual ransomware attacks affecting 954 schools and colleges (opens in new tab).
This represents a 19% decrease from a year before, when 83 attacks were registered, affecting 1,753 institutions.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
The 2021 attacks impacted almost a million students (950,129), the report notes, adding that this number is also down by almost a third (31%) compared to 2020.
But when it comes to damages, there are very few reasons to feel positive. Comparitech’s estimate is that these attacks had cost the institutions $3.56 billion in downtime alone, also adding that secondary expenses (recovery costs, restoring computers and data, reactivating systems, future incursion prevention, etc.) were likely to be “astronomical” to alreadt-stretched budgets.
> Africa's biggest supermarket hit by ransomware attacks (opens in new tab)
> Most ransomware victims pay up, but many never recover their data (opens in new tab)
> The US government is doing a really bad job of tracking ransomware (opens in new tab)
Schools and colleges faced ransom demands of varying sizes, from $100,000 to as much as $40 million. Downtime varied from minimal disruption (for those with solid backup solutions), to “months upon months” of recovery time. On average, a school would lose four days to downtime, and spend up to a month, recovering from an attack.
Analyzing the attacks per state, Comparitech found New York saw the most attacks (7), or just above 10%, adding that this isn’t much of a surprise given that it’s the state with the fourth-highest population. Texas, on the other hand, the second-most populated state, was a close second, with six reported attacks.
Full breakdown, including the number of ransomware attacks per state, the number of students affected, as well as the cost of downtime, can be found on this link (opens in new tab).